A GDPR Summary – Are You Compliance Ready?
Unless you’ve been living under a rock this past year, you’ve heard of GDPR – but just in case you’ve managed to miss it, GDPR refers to the General Data Protection Regulation, and it’s coming into effect on May 25th, this year.
Now, what you may well be less familiar with is the ‘how will GDPR affect me?’ side of things so, if that’s the case, let’s fill you in (and if you know all this already – go and read something else).
First off, why is it important?
Well, let’s ask this: does your organisation possess or process data referring to a specific, identifiable person, and contact that person and/or track their engagement for the purposes of profiling?
If the answer’s yes, GDPR will impact you. And just to really scare you (because it scared us too!), the fine for failing to comply can be up to €20 million or 4% of your revenue (not your profit), whichever is the greater.
Yikes, got your attention now, haven’t we?
And if you still don’t think GDPR will affect you, then, well, we’d be willing to bet that you’re a customer – and as a customer, this should be of great interest to you too. It’s all about data protection and safeguarding your personal data, after all.
So, for the purposes of a short summary, the GDPR implications can be whittled down to three key points:
- Opt-in consent
- Intent and
- Transparency and invisibility
Now, let’s break each of those three key elements down a little further:
1. Opt-in consent
Opt-out (where you have to untick pre-ticked boxes) is a pretty big part of marketing communications these days, and one that you’ve most likely encountered on the regular – whether you’ve noticed it or not (sly devils). But that ‘did I really agree to this?!’ feeling will be no more, because under GDPR, explicit opt-in consent (clear and identifiable) will be required for all marketing communications going forward. That means the default value must be ‘not opted in’, and those responding have to actively put the tick in the box. So, if a business can’t prove they have this consent as of May 25th, they could be in serious trouble for continuing to use it.
2. Intent
This one’s a real biggy, because under GDPR if a business is using a customer’s data, they need to be able to prove that that customer gave unambiguous, informed consent for them to use it in the specific context for which it’s being used. It needs to be crystal clear that they knew exactly what they were getting themselves into, and it needs to be clear how that business will use their data. So that handy catch-all saying you will use their data to make other offers they may be interested in will no longer be allowed.
3. Transparency and invisibility
Finally – and this is where as a customer your ears should really prick up – under GDPR, customers will be able to ask for the data companies are keeping on them (to be turned around in 30 days tops!), and should they wish, have that data removed entirely. So, as a business, there’s going to be a real need for highly structured storage systems, processes and methods. Don’t let your customer data get in a mess, and definitely invest in a high-quality CRM system.
But GDPR is far from all doom and gloom; in fact, we truly believe that GDPR can only really be viewed as a good thing. Not only do we have a moral duty to safeguard those individuals using the services or products we provide, but we’ll have happier customers too.
A study by Macro 4 recently found that 42% of those asked would be more likely to use a company that made it easier for them to understand what personal information it was holding about them, and how it will be used.
And this just reinforces our long-held view supporting Seth Godin’s principle from the early days of digital – that of Permission Marketing. Once you have permission from your customers and prospects to market to them because they see the value in the relationship – they should be even more responsive to your communications.
So be GDPR compliant, don’t get fined and be even more successful. There really isn’t a downside.